CVE-2020-3615
📋 TL;DR
This vulnerability in Qualcomm Snapdragon chipsets allows attackers to cause denial of service by sending rogue deauthentication/disassociation frames. When RMF (Radio Measurement Framework) is enabled, valid frames are improperly dropped because incorrect enum values are used to check the frame subtype. This affects numerous Snapdragon-based devices across automotive, compute, mobile, and IoT sectors.
💻 Affected Systems
- Snapdragon Auto
- Snapdragon Compute
- Snapdragon Consumer Electronics Connectivity
- Snapdragon Consumer IOT
- Snapdragon Industrial IOT
- Snapdragon Mobile
⚠️ Risk & Real-World Impact
Worst Case
Complete wireless network disruption, persistent denial of service to affected devices, potential for targeted attacks against critical infrastructure or medical devices using these chipsets.
Likely Case
Intermittent Wi-Fi disconnections, degraded network performance, and service disruption for affected devices in environments with malicious actors.
If Mitigated
Minimal impact if RMF is disabled or devices are patched; normal operation with occasional frame processing delays.
🎯 Exploit Status
Exploitation requires sending crafted deauthentication/disassociation frames, which is relatively simple with Wi-Fi packet injection tools. No authentication needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to Qualcomm security bulletin for specific firmware versions
Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin
Restart Required: Yes
Instructions:
1. Check device manufacturer for firmware updates
2. Apply Qualcomm-provided patches through OEM firmware updates
3. Reboot device after update
4. Verify RMF functionality if needed for specific applications
🔧 Temporary Workarounds
Disable RMF Framework
linux
Disable Radio Measurement Framework to prevent exploitation, though this may impact Wi-Fi optimization features
# Requires root access
# Method varies by device - typically through Wi-Fi driver configuration
# Consult device-specific documentation for RMF disable procedures
🧯 If You Can't Patch
- Segment network to isolate vulnerable devices from potential attackers
- Implement wireless intrusion detection systems to monitor for deauthentication flood attacks
🔍 How to Verify
Check if Vulnerable:
Check device chipset model and firmware version against Qualcomm's affected list. Use commands like 'cat /proc/cpuinfo' or device-specific system info commands.
Check Version:
Device-specific: For Android - 'getprop ro.build.fingerprint' or 'getprop ro.build.version.security_patch'
Verify Fix Applied:
Verify firmware version has been updated to post-May 2020 release. Check with device manufacturer for patch confirmation.
📡 Detection & Monitoring
Log Indicators:
- Excessive deauthentication/disassociation frames in Wi-Fi logs
- Unusual Wi-Fi disconnection patterns
- RMF-related error messages
Network Indicators:
- High volume of deauthentication frames from single source
- Spoofed MAC addresses sending deauth packets
- Abnormal Wi-Fi channel utilization patterns
SIEM Query:
source="wifi_logs" AND ("deauth" OR "disassoc") AND count > threshold_per_minute
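The network indicators and threshold query above, as an added example (not code from Qualcomm or from this advisory): a sliding one-minute counter over constructed log lines, keyed by both source and destination so that a burst from rotating spoofed source MACs still crosses the threshold. The log line format, the `threshold_per_minute` default of 5 and every MAC address are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

KINDS = {"deauth", "disassoc"}  # frame kinds counted toward the threshold

def sample_lines():
    """Constructed input: a benign frame, a single-source flood, a rotating-source burst."""
    base = "2020-05-04T"
    out = [base + "09:59:00 deauth src=02:00:00:00:00:aa dst=02:00:00:00:00:30"]
    out += [f"{base}10:00:{s:02d} deauth src=02:00:00:00:00:01 dst=02:00:00:00:00:10"
            for s in range(8)]
    out += [f"{base}10:05:{s:02d} disassoc src=02:00:00:00:01:{s:02x} dst=02:00:00:00:00:20"
            for s in range(7)]
    out.append(base + "10:06:00 assoc src=02:00:00:00:00:bb dst=02:00:00:00:00:30")
    return out

def parse(line):
    """Return (timestamp, kind, src, dst), or None for lines that are not tracked."""
    parts = line.split()
    if len(parts) != 4 or parts[1] not in KINDS:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    if "src" not in fields or "dst" not in fields:
        return None
    return ts, parts[1], fields["src"].lower(), fields["dst"].lower()

def detect(lines, threshold_per_minute=5, window=timedelta(minutes=1)):
    """Map ('src'|'dst', mac) to its peak in-window frame count when above the threshold."""
    recent = defaultdict(deque)  # key -> timestamps still inside the window
    alerts = {}
    for ts, _kind, src, dst in sorted(e for e in map(parse, lines) if e):
        for key in (("src", src), ("dst", dst)):
            q = recent[key]
            q.append(ts)
            while ts - q[0] >= window:  # evict frames older than the window
                q.popleft()
            if len(q) > threshold_per_minute:
                alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

if __name__ == "__main__":
    for (role, mac), peak in sorted(detect(sample_lines()).items()):
        print(f"ALERT {role}={mac} peak={peak} frames/min")
```

Counting per destination is what catches the rotating-source burst: each spoofed source sends a single frame, so no per-source counter ever exceeds the threshold.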